require('date-utils')
utils = require('../lib/utils')
exports.resErr = resErr = utils.resErr

exports.admin_user = (req,res,next) ->
  name = req.session?.admin_user?.displayname
  now = new Date().toFormat("YYYY-MM-DD HH:MI:SS")
  console.log "[info] #{now} admin2: #{name} : #{req.path}"
    
  #return resErr(res,"无管理权限",403) unless req.session?.admin
  auth_roles = req.session?.auth_roles
  if auth_roles
    if 'admin' in auth_roles
      next()
    else
      url = req.path
      method = req.method
      auth_urls = req.session?.auth_urls
      if !auth_urls
        resErr(res,"未被授予权限",403)
      else
        flag = false
        for r in auth_urls
          if r.url == url
            if r.http_method == method.toUpperCase() or r.http_method == 'ALL'
              flag = true
        if(flag)
          next()
        else
          resErr(res,"无权限访问该资源",403)
  else
    resErr(res,"未被授予权限",403)